All computing devices, including but not limited to computers, game consoles, cellular telephones and personal digital assistants, have an initialization or startup phase generally referred to as the boot stage, during which they bootstrap themselves to their full set of functionalities. During the boot stage, special boot code is executed that sets up system parameters and core system behavior, which may include setting up a security system or a digital rights management system. The boot stage is one of the most vulnerable stages for computing devices. One of the most severe security attacks occurs when a hacker is able to access and manipulate the boot code of a computing device. The ability to manipulate the boot code may allow a hacker to take over the computing device and subvert the security system that would normally be put in place during unmolested initialization. Making matters worse, a successful attack may be shared with other hackers and even simplified for use by non-technical people on similar computing devices. Thus, hackers could generate attacks that the general public can use.
The mass market consequences for manufacturers and retailers of computing devices, and for providers of services delivered to and through those devices, can quickly become very serious when a single successful hacker attack can spread by distribution to similarly vulnerable computing devices. For example, suppose a hacker finds a flaw in a satellite set top box that allows manipulation of its boot code and, thereafter, removal of the channel locks and pay-per-view restrictions. This successful hack may be spread by the creation of a tool and/or a mod chip enabling others to take advantage of the same flaw in many other satellite set top boxes. Losses to the manufacturer of the set top box and to service providers could be magnified greatly with a distributable attack. There may be additional liabilities as well, because hackers may not be aware of all system requirements pertaining to safety. Altering code may lead to safety hazards, such as components that overheat because the modified code does not provide the cooling they require. This may lead to product liability claims. Thus, whether it be losses from mass theft of services, unauthorized sharing that does not respect intellectual property rights and licenses, or product liability issues, there are many important reasons to secure computing devices from unauthorized manipulation.